Кафедри
Постійне посилання на розділhttps://repository.kpi.kharkov.ua/handle/KhPI-Press/35393
Переглянути
4 результатів
Результати пошуку
Документ Development of a heuristic antivirus scanner based on the file's pe-structure analysis(Вінницький національний технічний університет, 2017) Gavrylenko, Svitlana; Melnyk, М. S.; Chelak, ViktorMethods for constructing antivirus programs, their advantages and disadvantages are considered. The PE-structure of malicious and secure software is analyzed. The API-functions and strings inherent in these files are found and some of them are selected for further analysis. The selected features are used as inputs for the system of fuzzy inferences. A model of a fuzzy inference system based on the Mamdani fuzzy logic method is developed and tested. The obtained results of the research showed the possibility of using the developed malicious software identification system in heuristic analyzers of intrusion detection systems.Документ Development an antivirus scanner based on the neural network ART-1(НТУ "ХПІ", 2018) Gavrylenko, Svitlana; Babenko, O. S.In this article, the methods for constructing antivirus programs, their advantages and disadvantages are considered. The PE-structure of malicious and safe software was analyzed. The signs that are typical for classes of malware such as Worm, Backdoor, Trojan and for the safe software were identified. A software model of the device for detecting malicious software based on the neural network ART-1 was developed. This system was trained on the example of the obtained binary vectors. Optimal similarity coefficients were found, and the testing was performed. The test results showed the possibility of using the developed system to detect modified malicious software.Документ Investigation of intrusion in computer systems based on the Hurst exponent(NTU "KhPI", 2017) Gavrylenko, Svitlana; Chelak, Viktor; Bilogorskiy, NickThe subjectof the research in this article is the analysis of intrusion detection methods in computer systems.The purpose of the article is to develop effective methods and technologies for countering computer viruses. Tasks: research of modern means of antivirus protection of computer systems; a study of the Hurst index for assessing the state of the computer system; development of a software model for assessing the state of a computer system based on the Hurst index, analysis of the experimental data. The methods usedare: self-similarity assessment of the process based on the Hurst index. The following results are obtained. A method for identified abnormal behavior of a computer system based on the Hurst index is proposed. It is based on the analysis of CPU and RAM. The results of the research showed that theinfluence of a number of viruses on the computer system leads to the aspiration of the Hurstindex to an average value of 0.5, which indicates the randomness of the process. Conclusions. Experimental studies confirm the possibility of using the Hurst index as an integral part of the intrusion detection system in computer systems.Документ Development of the method and program model of the static analyzer of harmful files(НТУ "ХПІ", 2017) Gavrylenko, Svitlana; Saenko, DmitriyThe subject of research in this article is the methods of analyzing malicious software. The goal is to improve the secure functioning of computer systems (CS) and protect them from the effects of computer viruses. Research target: the research of modern means of software antivirus protection; analysis of the methods of creating a file signature; the development of a software model for static file detection, based on the analysis of the PE structure; the generation of tables of features that are inherent to families of viruses such as Worms, Backdor, Trojan; the obtainment binary signatures of malicious and secure software. The methods used are: analysis of the code in a Hex file, file hashing algorithms. The following results are obtained. The PE-structure of the file has been analyzed; sections have been selected for further analysis. A software model of static file detection has been developed and the analysis of secure and malicious files has been performed. Features in the form of strings and API functions have been selected; a bitmask has been formed for further file analysis. 3500 files of malicious and safe software has been scanned, their analysis has been performed. Signatures of each malicious file have been encoded and stored in the signature database. Using the developed software model, a study has been made of the possibility of detecting modifications to malicious software. Conclusions. A method and software model of static detection of malicious files has been developed, which allow automatic obtainment of a set of file features and draw a conclusion about the severity of the file.